Description
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allow remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2014-0371.html
http://rhn.redhat.com/errata/RHSA-2014-0372.html
http://secunia.com/advisories/57716
http://secunia.com/advisories/57719